`+server.js` endpoints do not correctly return the `allow` header

[eltigerchino]

Describe the bug

A list of allowed methods should be returned when making an invalid request to an endpoint.
However, no exported methods are being included in the allow header.

kit/packages/kit/src/runtime/server/utils.js

Line 44 in 51cd6e6

for (const method in ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']) {

The issue stems from the in keyword comparing the index numbers instead of the http methods in the array. It should use the of keyword instead.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for...of

Reproduction

https://stackblitz.com/edit/sveltejs-kit-template-default-v8r3ub?file=src%2Froutes%2F%2Bpage.svelte,src%2Froutes%2Ftest%2F%2Bserver.js&terminal=dev

Make a request to /test with a method that is not allowed such as PUT

Expected:
Response's allow header includes POST.

Actual:
Response's allow header is empty.

Logs

#### Browser console

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)

System Info

System:
    OS: Linux 5.0 undefined
    CPU: (8) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 0 Bytes / 0 Bytes
    Shell: 1.0 - /bin/jsh
  Binaries:
    Node: 16.14.2 - /usr/local/bin/node
    Yarn: 1.22.19 - /usr/local/bin/yarn
    npm: 7.17.0 - /usr/local/bin/npm
  npmPackages:
    @sveltejs/adapter-auto: ^2.0.0 => 2.0.0 
    @sveltejs/kit: ^1.5.0 => 1.5.0 
    svelte: ^3.54.0 => 3.55.1 
    vite: ^4.0.0 => 4.1.1

Severity

annoyance

Additional Information

No response